/**
* Updates an existing Group
*
* @param int $groupID - Group identifier
* @param string $name - Name of the group
* @param string $description - Group description (optional)
* @return boolean True on successful update
**/
function updateGroup($group_id, $name, $description = '')
{
global $wpdb;
$description = strip_tags($description);
if ($prev = scoper_get_row("SELECT * FROM {$wpdb->groups_rs} WHERE {$wpdb->groups_id_col}='{$group_id}';")) {
if ($prev->{$wpdb->groups_name_col} != $name && !UserGroups_tp::isValidName($name)) {
return false;
}
// don't allow updating of metagroup name / descript
if (!empty($prev->meta_id)) {
return false;
}
}
do_action('update_group_rs', $group_id);
$query = "UPDATE {$wpdb->groups_rs} SET {$wpdb->groups_name_col} = '{$name}', {$wpdb->groups_descript_col}='{$description}' WHERE {$wpdb->groups_id_col}='{$group_id}';";
scoper_query($query);
wpp_cache_flush_group('all_usergroups');
wpp_cache_flush_group('group_members');
wpp_cache_flush_group('usergroups_for_user');
wpp_cache_flush_group('usergroups_for_groups');
wpp_cache_flush_group('usergroups_for_ug');
return true;
}
function scoper_flush_cache_flag_once($cache_flag)
{
static $flushed_wpcache_flags;
if (!isset($flushed_wpcache_flags)) {
$flushed_wpcache_flags = array();
}
if (!isset($flushed_wpcache_flags[$cache_flag])) {
wpp_cache_flush_group($cache_flag);
$flushed_wpcache_flags[$cache_flag] = true;
}
}
function scoper_sync_wproles($user_ids = '', $role_name_arg = '', $blog_id_arg = '')
{
global $wpdb, $wp_roles;
if ($user_ids && !is_array($user_ids)) {
$user_ids = array($user_ids);
}
if (empty($wp_roles->role_objects)) {
return;
}
$wp_rolenames = array_keys($wp_roles->role_objects);
$uro_table = $blog_id_arg ? $wpdb->base_prefix . $blog_id_arg . '_' . 'user2role2object_rs' : $wpdb->user2role2object_rs;
$groups_table = $wpdb->groups_rs;
$user2group_table = $wpdb->user2group_rs;
// Delete any role entries for WP roles which were deleted or renamed while Role Scoper was deactivated
// (users will be re-synched to new role name)
$name_in = "'" . implode("', '", $wp_rolenames) . "'";
$qry = "DELETE FROM {$uro_table} WHERE role_type = 'wp' AND scope = 'blog' AND role_name NOT IN ({$name_in})";
scoper_query($qry);
// also sync WP Role metagroups
if (!empty($user_ids)) {
foreach ($user_ids as $user_id) {
wpp_cache_delete($user_id, 'group_membership_for_user');
}
}
$metagroup_ids = array();
$metagroup_names = array();
$metagroup_descripts = array();
foreach ($wp_rolenames as $role_name) {
$metagroup_id = "wp_role_" . trim(substr($role_name, 0, 40));
// if the name is too long and its truncated ID already taken, just exclude it from eligible metagroups
if (in_array($metagroup_id, $metagroup_ids)) {
continue;
}
$metagroup_ids[] = $metagroup_id;
$metagroup_names["wp_role_{$role_name}"] = sprintf('[WP %s]', $role_name);
$metagroup_descripts["wp_role_{$role_name}"] = sprintf('All users with the WordPress %s blog role', $role_name);
}
// add a metagroup for anonymous users
$metagroup_ids[] = "wp_anon";
$metagroup_names["wp_anon"] = '[Anonymous]';
$metagroup_descripts["wp_anon"] = 'Anonymous users (not logged in)';
// add a metagroup for pending revision e-mail notification recipients
$metagroup_ids[] = "rv_pending_rev_notice_ed_nr_";
$metagroup_names["rv_pending_rev_notice_ed_nr_"] = '[Pending Revision Monitors]';
$metagroup_descripts["rv_pending_rev_notice_ed_nr_"] = 'Administrators / Publishers to notify (by default) of pending revisions';
// add a metagroup for pending revision e-mail notification recipients
$metagroup_ids[] = "rv_scheduled_rev_notice_ed_nr_";
$metagroup_names["rv_scheduled_rev_notice_ed_nr_"] = '[Scheduled Revision Monitors]';
$metagroup_descripts["rv_scheduled_rev_notice_ed_nr_"] = 'Administrators / Publishers to notify when any scheduled revision is published';
$stored_metagroup_ids = array();
$qry = "SELECT {$wpdb->groups_meta_id_col}, {$wpdb->groups_id_col}, {$wpdb->groups_name_col} FROM {$groups_table} WHERE NOT ISNULL({$wpdb->groups_meta_id_col}) AND ( {$wpdb->groups_meta_id_col} != '' )";
// LIKE 'wp_%'";
if ($results = scoper_get_results($qry)) {
//rs_errlog("metagroup results: " . serialize($stored_metagroup_ids)');
$delete_metagroup_ids = array();
$update_metagroup_ids = array();
foreach ($results as $row) {
if (!in_array($row->{$wpdb->groups_meta_id_col}, $metagroup_ids)) {
$delete_metagroup_ids[] = $row->{$wpdb->groups_id_col};
} else {
$stored_metagroup_ids[] = $row->{$wpdb->groups_meta_id_col};
if ($row->{$wpdb->groups_name_col} != $metagroup_names[$row->{$wpdb->groups_meta_id_col}]) {
$update_metagroup_ids[] = $row->{$wpdb->groups_meta_id_col};
}
}
}
if ($delete_metagroup_ids) {
$id_in = "'" . implode("', '", $delete_metagroup_ids) . "'";
scoper_query("DELETE FROM {$groups_table} WHERE {$wpdb->groups_id_col} IN ({$id_in})");
}
if ($update_metagroup_ids) {
foreach ($update_metagroup_ids as $metagroup_id) {
if ($metagroup_id) {
scoper_query("UPDATE {$groups_table} SET {$wpdb->groups_name_col} = '{$metagroup_names[$metagroup_id]}', {$wpdb->groups_descript_col} = '{$metagroup_descripts[$metagroup_id]}' WHERE {$wpdb->groups_meta_id_col} = '{$metagroup_id}'");
}
}
}
}
if ($insert_metagroup_ids = array_diff($metagroup_ids, $stored_metagroup_ids)) {
//rs_errlog("inserting metagroup ids: " . serialize($insert_metagroup_ids)');
foreach ($insert_metagroup_ids as $metagroup_id) {
scoper_query("INSERT INTO {$groups_table} ( {$wpdb->groups_meta_id_col}, {$wpdb->groups_name_col}, {$wpdb->groups_descript_col} ) VALUES ( '{$metagroup_id}', '{$metagroup_names[$metagroup_id]}', '{$metagroup_descripts[$metagroup_id]}' )");
//rs_errlog( "INSERT INTO $groups_table ( $wpdb->groups_meta_id_col, $wpdb->groups_name_col, $wpdb->groups_descript_col ) VALUES ( '$metagroup_id', '$metagroup_names[$metagroup_id]', '$metagroup_descripts[$metagroup_id]' )" );
}
}
if (!empty($delete_metagroup_ids) || !empty($update_metagroup_ids)) {
wpp_cache_flush();
// role deletion / rename might affect other cached data or settings, so flush the whole cache
} elseif (!empty($insert_group_ids)) {
wpp_cache_flush_group('all_usergroups');
wpp_cache_flush_group('usergroups_for_groups');
wpp_cache_flush_group('usergroups_for_user');
wpp_cache_flush_group('usergroups_for_ug');
}
// Now step through every WP usermeta record,
// synchronizing the user's user2role2object_rs blog role entries with their WP role and custom caps
// get each user's WP roles and caps
$user_clause = $user_ids ? 'AND user_id IN (' . implode(', ', $user_ids) . ')' : '';
$qry = "SELECT user_id, meta_value FROM {$wpdb->usermeta} WHERE meta_key = '{$wpdb->prefix}capabilities' {$user_clause}";
if (!($usermeta = scoper_get_results($qry))) {
return;
}
//rs_errlog("got " . count($usermeta) . " usermeta records");
$wp_rolecaps = array();
foreach ($wp_roles->role_objects as $role_name => $role) {
$wp_rolecaps[$role_name] = $role->capabilities;
}
//rs_errlog(serialize($wp_rolecaps));
$strip_vals = array('', 0, false);
$stored_assignments = array('wp' => array(), 'wp_cap' => array());
foreach (array_keys($stored_assignments) as $role_type) {
$results = scoper_get_results("SELECT user_id, role_name, assignment_id FROM {$uro_table} WHERE role_type = '{$role_type}' AND user_id > 0 {$user_clause}");
foreach ($results as $key => $row) {
$stored_assignments[$role_type][$row->user_id][$row->assignment_id] = $row->role_name;
unset($results[$key]);
}
}
foreach (array_keys($usermeta) as $key) {
$user_id = $usermeta[$key]->user_id;
$user_caps = maybe_unserialize($usermeta[$key]->meta_value);
if (empty($user_caps) || !is_array($user_caps)) {
continue;
}
//rs_errlog("user caps: " . serialize($user_caps));
$user_roles = array();
// just in case, strip out any entries with false value
$user_caps = array_diff($user_caps, $strip_vals);
$user_roles = array('wp' => array(), 'wp_cap' => array());
//Filter out caps that are not role names
$user_roles['wp'] = array_intersect(array_keys($user_caps), $wp_rolenames);
// Store any custom-assigned caps as single-cap roles
// This will be invisible and only used to support the users query filter
// With current implementation, the custom cap will only be honored when
// users_who_can is called with a single capreq
$user_roles['wp_cap'] = array_diff(array_keys($user_caps), $user_roles['wp']);
// which roles are already stored in user2role2object_rs table?
$stored_roles = array();
$delete_roles = array();
foreach (array_keys($user_roles) as $role_type) {
//$results = scoper_get_results("SELECT role_name, assignment_id FROM $uro_table WHERE role_type = '$role_type' AND user_id = '$user_id'");
//if ( $results ) {
if (isset($stored_assignments[$role_type][$user_id])) {
//rs_errlog("results: " . serialize($results));
foreach ($stored_assignments[$role_type][$user_id] as $assignment_id => $role_name) {
// Log stored roles, and delete any roles which user no longer has (possibly because the WP role definition was deleted).
// Only Role Scoper's mirroring of WP blog roles is involved here unless Role Scoper was configured and used with a Role Type of "WP".
// This also covers any WP role changes made while Role Scoper was deactivated.
if (in_array($role_name, $user_roles[$role_type])) {
$stored_roles[$role_type][] = $role_name;
} else {
$delete_roles[] = $assignment_id;
}
}
} else {
$stored_roles[$role_type] = array();
}
}
if ($delete_roles) {
$id_in = implode(', ', $delete_roles);
scoper_query("DELETE FROM {$uro_table} WHERE assignment_id IN ({$id_in})");
}
//rs_errlog("user roles " . serialize($user_roles) ');
//rs_errlog("stored roles " . serialize($stored_roles)');
// add any missing roles
foreach (array_keys($user_roles) as $role_type) {
if (!empty($stored_roles[$role_type])) {
$user_roles[$role_type] = array_diff($user_roles[$role_type], $stored_roles[$role_type]);
}
if (!empty($user_roles[$role_type])) {
foreach ($user_roles[$role_type] as $role_name) {
//rs_errlog("INSERT INTO $uro_table (user_id, role_name, role_type, scope) VALUES ('$user_id', '$role_name', '$role_type', 'blog')");
scoper_query("INSERT INTO {$uro_table} (user_id, role_name, role_type, scope) VALUES ('{$user_id}', '{$role_name}', '{$role_type}', 'blog')");
}
}
}
}
// end foreach WP usermeta
// disable orphaned role deletion until we can recreate and eliminate improper deletion as reported in support forum (http://agapetry.net/forum/role-scoper/permissions-reset-randomly-for-a-section-of-pages/page-1/post-3513/)
// Delete any role assignments for users which no longer exist
//delete_roles_orphaned_from_user();
// Delete any role assignments for WP groups which no longer exist
//delete_roles_orphaned_from_group();
// Delete any role assignments for posts/pages which no longer exist
//delete_roles_orphaned_from_item( OBJECT_SCOPE_RS, 'post' );
//delete_restrictions_orphaned_from_item( OBJECT_SCOPE_RS, 'post' ); // hold off on this until delete_roles_orphaned_from_item() call has a long, clear track record
// Delete any role assignments for categories which no longer exist
//delete_roles_orphaned_from_item( TERM_SCOPE_RS, 'category' );
//delete_restrictions_orphaned_from_item( TERM_SCOPE_RS, 'category' );
//rs_errlog("finished syncroles "');
}
function add_user($user_id, $role_name = '', $blog_id = '')
{
// enroll user in default group(s)
if ($default_groups = scoper_get_option('default_groups')) {
foreach ($default_groups as $group_id) {
ScoperAdminLib::add_group_user($group_id, $user_id);
}
}
global $scoper_role_types;
foreach ($scoper_role_types as $role_type) {
wpp_cache_flush_group("{$role_type}_users_who_can");
wpp_cache_flush_group("{$role_type}_groups_who_can");
}
ScoperAdminLib::sync_wproles($user_id, $role_name, $blog_id);
}
function scoper_flush_restriction_cache($scope, $src_or_tx_name = '')
{
global $scoper_role_types;
if (OBJECT_SCOPE_RS == $scope) {
if (!$src_or_tx_name) {
global $scoper;
if (!empty($scoper->data_sources)) {
$src_or_tx_name = $scoper->data_sources->get_all_keys();
}
}
} elseif (TERM_SCOPE_RS == $scope) {
if (!$src_or_tx_name) {
global $scoper;
if (!empty($scoper->taxonomies)) {
$src_or_tx_name = $scoper->taxonomies->get_all_keys();
}
}
}
if (!$src_or_tx_name) {
update_option('scoper_need_cache_flush', true);
// if taxonomies / data sources could not be determined, invalidate entire cache
return;
}
$names = (array) $src_or_tx_name;
foreach ($scoper_role_types as $role_type) {
foreach ($names as $src_or_tx_name) {
wpp_cache_flush_group("{$role_type}_{$scope}_restrictions_{$src_or_tx_name}");
}
}
foreach ($scoper_role_types as $role_type) {
wpp_cache_flush_group("{$role_type}_{$scope}_def_restrictions");
}
}
